<div id="header"><p>Login</p></div>
  
<?php

if($_GET["action"] === "login")
{
	
	// Empty username or password is invalid
	if($_POST["username"] === "" || $_POST["pass"] === "") {
		header('Location: ?p=login&action=invalid');
		return;
	}
		
	// Verify the username and password
	$name = $_POST["username"];
	$pass =  $_POST["pass"];

	// The salt is a hash of the username
 	 $salt = sha1($name);

	// The password is a hashed version of the password append to the salt
	$codedpass = sha1($pass.$salt);
	
	// We use the prepare statement call here, instead of direct calling
	// because the hashed password can't simply be appended as a string.
	$stmt = $database->prepare("CALL validateLogin(?,?)");

	// Bind parameters and execute procedure
	$stmt->bind_param('ss',$name,$codedpass);
	$stmt->execute();

	// Grab results from the call
	$validate = $stmt->fetch();

	// If the username/password combo was invalid, redirect to this page with invalid action
	if ($validate != $name)
	{
	 header('Location: ?p=login&action=invalid');
	 return;
	}
	// Otherwise, store the username and set the loggedIn var to true
	$_SESSION["username"] = $_POST["username"];
	$_SESSION["loggedIn"] = true;

	// Remember me?
	if(isset($_POST['rememberMe']))
	{
		// Store the username in cookie
		if($_POST['rememberMe'] == "Yes")
		{
			setcookie('storedUser',$_POST['username'],2147483647);
		}
	}
	else
	{
		// Delete the cookie if this user was originally remembered
		if($_POST['username'] == $_COOKIE['storedUser'])
		{
			setcookie('storedUser', "",time()-3600);
		}
	}
	// On successful login, redirect to the home page to show the data
	header('Location:?p=home');
	return;
}
else if($_GET["action"] === "invalid")
{
	echo "<p>Your username or password is invalid. Please try again.</p>";
}
else if($_GET["action"] === "logout")
{	
	// Unset some session variables on logout
  unset($_SESSION["username"]);
	unset($_SESSION["loggedIn"]);
	session_destroy();
	// Redirect to this page as logged out
	header('Location:?p=login');
	return;
}

//
// The following constructs a form for logging in
//

echo '<form name="input" action="?p=login&action=login" method="post">
			<label for="username">Username:</label>';

// If remembered user, insert it as default value for username field
if(isset($_COOKIE['storedUser']))
{
	echo '<input id="textfield" type="text" name="username" value="'.$_COOKIE['storedUser'].'" />';
}
else
{
	echo '<input id="textfield"   type="text" name="username" />';
}
echo '<label for="pass">Password:</label><input id="textfield" size="25" type="password" name="pass" />';

// If the user is saved, check the "Remember Me" checkbox, otherwise leaved unchecked
if(isset($_COOKIE['storedUser']))
{
	echo '<input id="checkbox" type="checkbox" name="rememberMe" value="Yes" checked="checked"/>Remember Me';
}
else
{
	echo '<input id="checkbox" type="checkbox" name="rememberMe" value="Yes" />Remember Me';
}

// Login Button
echo '<p class="submit"><input id="button" type="submit" value="Login" name="submit"></p>
			</form>';

?>


